Developing an Anti-Spam and Anti-Virus Site Policy

When developing a policy for preventing spam and relaying, strike a
balance between providing safety from spam and providing a site where emails
are delivered in a timely fashion. The best policy is therefore to initially
provide a core set of measures that do not take up too much processing time
but trap the majority of spam. You can then define this core set of measures
after stress testing the final architecture. Start with the initial measures
below. Once you have deployed your system, monitor trapped and non-trapped
spam to fine-tune the system and replace or add new functions if required.

Use the following set of measures as a starting point for your site’s
anti-spam and anti-virus policy:

Provide anti-relay protection through the ORIG_SEND_ACCESS settings,
structured so that only subscribers and partnership users are allowed
to deliver externally bound SMTP mail.

Use authentication services to validate roaming users. These users
verify their identity before being allowed to route externally bound SMTP
mail.

Implement subject line checking for common spam phrases using
the system-wide mailbox filters.

Set a maximum number of recipients using the holdlimit keyword.
This will have the effect of sidelining potential spam traffic. The initial
value could be set at 50 recipients and should be monitored over a period
of time to determine whether a higher or lower value is required.

Set up dummy accounts that the postmasters then manually use to attract
spam to these specific accounts, in order to identify new spam sites.

A message in which a virus has been detected should not be
returned to the original sender and should not be forwarded to the intended
recipient. There is no value in doing so because most viruses generate their own
mail with forged sender addresses, and it has become very rare for such infected
messages to have any useful content.

Send infected messages to an engine that harvests and catalogues
information about the virus. You can then use such information to create threat
reports for your system administrators about new virus and worm outbreaks.
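
The holdlimit measure above calls for monitoring traffic to decide whether 50 recipients is the right value. The following is an added example, not part of the original guide or of the product: it scores candidate limits against messages the postmasters have already reviewed. The record layout, the sample data and the function names are constructed for illustration, and it assumes a message is sidelined when its recipient count exceeds the limit.

```python
"""Evaluate candidate holdlimit values against reviewed traffic (added example)."""
from dataclasses import dataclass

# Constructed sample: (message id, envelope recipient count, postmaster verdict).
# This layout is hypothetical; it is not a Messaging Server log format.
SAMPLE = [
    ("m01", 1, "ham"), ("m02", 3, "ham"), ("m03", 12, "ham"),
    ("m04", 48, "ham"),    # internal announcement
    ("m05", 75, "ham"),    # legitimate large distribution
    ("m06", 60, "spam"), ("m07", 120, "spam"), ("m08", 300, "spam"),
    ("m09", 35, "spam"),
    ("m10", 2, "spam"),    # low-recipient spam: no recipient limit catches this
]

@dataclass
class Outcome:
    limit: int
    spam_held: int     # spam sidelined by the limit
    spam_missed: int   # spam that passed under the limit
    ham_held: int      # legitimate mail sidelined (needs manual release)

def evaluate(records, limit):
    """Count what a given limit would have sidelined.

    Assumption: a message is held when its recipient count exceeds the limit.
    """
    spam_held = spam_missed = ham_held = 0
    for _msgid, rcpts, verdict in records:
        held = rcpts > limit
        if verdict == "spam":
            if held:
                spam_held += 1
            else:
                spam_missed += 1
        elif held:
            ham_held += 1
    return Outcome(limit, spam_held, spam_missed, ham_held)

def recommend(records, candidates, max_ham_held=0):
    """Lowest candidate limit whose legitimate-mail holds stay within tolerance."""
    for limit in sorted(candidates):
        outcome = evaluate(records, limit)
        if outcome.ham_held <= max_ham_held:
            return outcome
    return None  # every candidate sidelines too much legitimate mail

if __name__ == "__main__":
    for limit in (25, 50, 100):
        print(evaluate(SAMPLE, limit))
    print("recommended:", recommend(SAMPLE, (25, 50, 100), max_ham_held=1))
```

The `spam_missed` count at every limit shows why the recipient limit is only one of the core measures: low-recipient spam has to be caught by the subject line filters and the other checks in the list.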